Announcement Announcement Module
No announcement yet.
How to request IDP to send me additional custom attributes in the AuthnResponse? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to request IDP to send me additional custom attributes in the AuthnResponse?


    I'm wondering is there any way to request the IDP( in my case) to send me additional attributes along with nameID which it is already sending.
    Lets say I want the IdP to send me the accountID of the person who is authenticated successfully. I've searched a lot and found some suggestions like:

    Overide the getAuthnRequest method in so that the authnRequest sent to IdP has this attribute set. But I dont have any clue how to go ahead with this? Should I've to modify my SP metada too with this additional attribute name and format? If yes, how should i do that? Or can something be done with the RelayState parameter?
    Any help in this regard would be really appreciated.


  • #2
    I'd caution against customizing your authentication request/response with additional information that is not required for authentication.

    If you'd like the AccountID sent after the user has been authenticated, I would recommend you forward the request (you can use the RelayState parameter to do this, or you can default the web resource on successful authentication in the bean configuration) to a resource that can accept and consume the AccountID parameter.


    • #3
      Thanks for the reply. After some search I found that in SP metadata we can add a AttributeConsumingService element and specify the name and format of the custom attribute which we want the IdP to send it along with the Authentication Response. However, the IdPs(which I've come across till now) are preconfigured that they can send only certain kind of attributes in the response.
      So can you please suggest if there are any IdPs(preferably free ones like :P) where we can configure the attributes which we need in the Authentication response. Thanks for your time.


      • #4
        Please see more replies to the same question at